Commit 0519b4b

Merge branch 'main' into hotfix/ci
2 parents 8edde88 + 54382f6 commit 0519b4b

209 files changed

Lines changed: 53198 additions & 2048 deletions

frontend/e2e/tests/security-mobile.spec.ts renamed to .archive/legacy-tests-phase3/frontend-e2e/security-mobile.spec.ts

File renamed without changes.

frontend/e2e/tests/waf.spec.ts renamed to .archive/legacy-tests-phase3/frontend-e2e/waf.spec.ts

File renamed without changes.

frontend/tests/login.smoke.spec.ts renamed to .archive/legacy-tests-phase3/frontend-tests/login.smoke.spec.ts

File renamed without changes.

.docker/compose/docker-compose.yml

Lines changed: 4 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -35,25 +35,10 @@ services:
3535
- CHARON_CADDY_BINARY=caddy
3636
- CHARON_IMPORT_CADDYFILE=/import/Caddyfile
3737
- CHARON_IMPORT_DIR=/app/data/imports
38-
# Security Services (Optional)
39-
# 🚨 DEPRECATED: CrowdSec environment variables are no longer used.
40-
# CrowdSec is now GUI-controlled via the Security dashboard.
41-
# Remove these lines and use the GUI toggle instead.
42-
# See: https://wikid82.github.io/charon/migration-guide
43-
#- CERBERUS_SECURITY_CROWDSEC_MODE=disabled # ⚠️ DEPRECATED - Use GUI toggle
44-
#- CERBERUS_SECURITY_CROWDSEC_API_URL= # ⚠️ DEPRECATED - External mode removed
45-
#- CERBERUS_SECURITY_CROWDSEC_API_KEY= # ⚠️ DEPRECATED - External mode removed
46-
#- CERBERUS_SECURITY_WAF_MODE=disabled # disabled, enabled
47-
#- CERBERUS_SECURITY_RATELIMIT_ENABLED=false
48-
#- CERBERUS_SECURITY_ACL_ENABLED=false
49-
# Backward compatibility: CPM_ prefixed variables are still supported
50-
# 🚨 DEPRECATED: Use GUI toggle instead (see Security dashboard)
51-
#- CPM_SECURITY_CROWDSEC_MODE=disabled # ⚠️ DEPRECATED
52-
#- CPM_SECURITY_CROWDSEC_API_URL= # ⚠️ DEPRECATED
53-
#- CPM_SECURITY_CROWDSEC_API_KEY= # ⚠️ DEPRECATED
54-
#- CPM_SECURITY_WAF_MODE=disabled
55-
#- CPM_SECURITY_RATELIMIT_ENABLED=false
56-
#- CPM_SECURITY_ACL_ENABLED=false
38+
# Paste your CrowdSec API details here to prevent auto reregistration on startup
39+
# Obtained from your CrowdSec settings on first setup
40+
- CHARON_SECURITY_CROWDSEC_API_URL=http://localhost:8085
41+
- CHARON_SECURITY_CROWDSEC_API_KEY=<your-crowdsec-api-key-here>
5742
extra_hosts:
5843
- "host.docker.internal:host-gateway"
5944
volumes:
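Review bot: The two added `CHARON_SECURITY_CROWDSEC_*` entries at new lines 40-41 are active rather than commented out, so anyone who brings this compose file up unedited passes the literal string `<your-crowdsec-api-key-here>` as the API key. Ship both lines commented, or read the key from the environment or a secrets file (for example `CHARON_SECURITY_CROWDSEC_API_KEY=${CROWDSEC_API_KEY}`) so the real value is never committed alongside this file. The hunk also deletes the note that CrowdSec is GUI-controlled and that external mode was removed, together with the `WAF_MODE`, `RATELIMIT_ENABLED` and `ACL_ENABLED` hints, without saying how the new variables relate to that behaviour; the new comment should state which setting wins when both the GUI toggle and these variables are present.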

.docker/docker-entrypoint.sh

Lines changed: 14 additions & 0 deletions
@@ -130,6 +130,20 @@ if command -v cscli >/dev/null; then
130130
mkdir -p "$CS_CONFIG_DIR" 2>/dev/null || echo "Warning: Cannot create $CS_CONFIG_DIR"
131131
mkdir -p "$CS_DATA_DIR" 2>/dev/null || echo "Warning: Cannot create $CS_DATA_DIR"
132132
mkdir -p "$CS_PERSIST_DIR/hub_cache"
133+
134+
# ============================================================================
135+
# CrowdSec Bouncer Key Persistence Directory
136+
# ============================================================================
137+
# Create the persistent directory for bouncer key storage.
138+
# This directory is inside /app/data which is volume-mounted.
139+
# The bouncer key will be stored at /app/data/crowdsec/bouncer_key
140+
echo "CrowdSec bouncer key will be stored at: $CS_PERSIST_DIR/bouncer_key"
141+
142+
# Fix ownership for key directory if running as root
143+
if is_root; then
144+
chown charon:charon "$CS_PERSIST_DIR" 2>/dev/null || true
145+
fi
146+
133147
# Log directories are created at build time with correct ownership
134148
# Only attempt to create if they don't exist (first run scenarios)
135149
mkdir -p /var/log/crowdsec 2>/dev/null || true
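Review bot: The comment at new line 137 says this block creates the persistent directory, but nothing in the added lines creates or restricts it; `$CS_PERSIST_DIR` only exists as a side effect of the `mkdir -p "$CS_PERSIST_DIR/hub_cache"` context line above. Since the bouncer key is a credential, set the directory mode explicitly (for example `chmod 700 "$CS_PERSIST_DIR"`) and either add the `mkdir` or drop the "Create" wording. The `chown` is non-recursive and its failure is discarded by `2>/dev/null || true`, so a `bouncer_key` file that is already root-owned, or a failed ownership change, goes unnoticed; print a warning the way the `mkdir` lines above do. The comment also hardcodes `/app/data/crowdsec/bouncer_key` while the `echo` uses `$CS_PERSIST_DIR/bouncer_key`, and the two will drift if the variable changes.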

.github/agents/Backend_Dev.agent.md

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ description: 'Senior Go Engineer focused on high-performance, secure backend imp
44
argument-hint: 'The specific backend task from the Plan (e.g., "Implement ProxyHost CRUD endpoints")'
55
tools:
66
['execute', 'read', 'agent', 'edit/createDirectory', 'edit/createFile', 'edit/editFiles', 'edit/editNotebook', 'search', 'todo']
7-
model: 'claude-opus-4-5-20250514'
7+
model: 'Cloaude Sonnet 4.5'
88
---
99
You are a SENIOR GO BACKEND ENGINEER specializing in Gin, GORM, and System Architecture.
1010
Your priority is writing code that is clean, tested, and secure by default.
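Review bot: The new value `model: 'Cloaude Sonnet 4.5'` at new line 7 looks like a misspelling of "Claude", and it replaces a dated identifier (`claude-opus-4-5-20250514`) with what reads as a display name. Confirm the exact string the agent loader expects and fix the spelling before merging; the same value is repeated in the other agent files in this commit.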

.github/agents/DevOps.agent.md

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ description: 'DevOps specialist for CI/CD pipelines, deployment debugging, and G
44
argument-hint: 'The CI/CD or infrastructure task (e.g., "Debug failing GitHub Action workflow")'
55
tools:
66
['execute', 'read', 'agent', 'github/*', 'github/*', 'io.github.goreleaser/mcp/*', 'edit/createDirectory', 'edit/createFile', 'edit/editFiles', 'edit/editNotebook', 'search', 'web', 'github/*', 'todo', 'ms-azuretools.vscode-containers/containerToolsConfig']
7-
model: 'claude-opus-4-5-20250514'
7+
model: 'Cloaude Sonnet 4.5'
88
mcp-servers:
99
- github
1010
---
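Review bot: The `model` value at new line 7 carries the same "Cloaude" misspelling as the other agent files. While this front matter is being edited, note that the `tools` list in the context line above it contains `'github/*'` three times; deduplicate it in the same change.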

.github/agents/Doc_Writer.agent.md

Lines changed: 2 additions & 2 deletions
@@ -3,8 +3,8 @@ name: 'Docs Writer'
33
description: 'User Advocate and Writer focused on creating simple, layman-friendly documentation.'
44
argument-hint: 'The feature to document (e.g., "Write the guide for the new Real-Time Logs")'
55
tools:
6-
['read', 'github/*', 'github/*', 'edit/createDirectory', 'edit/createFile', 'edit/editFiles', 'edit/editNotebook', 'search', 'github/*', 'todo']
7-
model: 'claude-opus-4-5-20250514'
6+
['read/getNotebookSummary', 'read/problems', 'read/readFile', 'read/readNotebookCellOutput', 'read/terminalSelection', 'read/terminalLastCommand', 'read/getTaskOutput', 'edit/createDirectory', 'edit/createFile', 'edit/editFiles', 'edit/editNotebook', 'search/changes', 'search/codebase', 'search/fileSearch', 'search/listDirectory', 'search/searchResults', 'search/textSearch', 'search/usages', 'search/searchSubagent', 'web/fetch', 'github/add_comment_to_pending_review', 'github/add_issue_comment', 'github/assign_copilot_to_issue', 'github/create_branch', 'github/create_or_update_file', 'github/create_pull_request', 'github/create_repository', 'github/delete_file', 'github/fork_repository', 'github/get_commit', 'github/get_file_contents', 'github/get_label', 'github/get_latest_release', 'github/get_me', 'github/get_release_by_tag', 'github/get_tag', 'github/get_team_members', 'github/get_teams', 'github/issue_read', 'github/issue_write', 'github/list_branches', 'github/list_commits', 'github/list_issue_types', 'github/list_issues', 'github/list_pull_requests', 'github/list_releases', 'github/list_tags', 'github/merge_pull_request', 'github/pull_request_read', 'github/pull_request_review_write', 'github/push_files', 'github/request_copilot_review', 'github/search_code', 'github/search_issues', 'github/search_pull_requests', 'github/search_repositories', 'github/search_users', 'github/sub_issue_write', 'github/update_pull_request', 'github/update_pull_request_branch', 'github/add_comment_to_pending_review', 'github/add_issue_comment', 'github/assign_copilot_to_issue', 'github/create_branch', 'github/create_or_update_file', 'github/create_pull_request', 'github/create_repository', 'github/delete_file', 'github/fork_repository', 'github/get_commit', 'github/get_file_contents', 'github/get_label', 'github/get_latest_release', 'github/get_me', 'github/get_release_by_tag', 'github/get_tag', 'github/get_team_members', 'github/get_teams', 'github/issue_read', 
'github/issue_write', 'github/list_branches', 'github/list_commits', 'github/list_issue_types', 'github/list_issues', 'github/list_pull_requests', 'github/list_releases', 'github/list_tags', 'github/merge_pull_request', 'github/pull_request_read', 'github/pull_request_review_write', 'github/push_files', 'github/request_copilot_review', 'github/search_code', 'github/search_issues', 'github/search_pull_requests', 'github/search_repositories', 'github/search_users', 'github/sub_issue_write', 'github/update_pull_request', 'github/update_pull_request_branch', 'github/add_comment_to_pending_review', 'github/add_issue_comment', 'github/assign_copilot_to_issue', 'github/create_branch', 'github/create_or_update_file', 'github/create_pull_request', 'github/create_repository', 'github/delete_file', 'github/fork_repository', 'github/get_commit', 'github/get_file_contents', 'github/get_label', 'github/get_latest_release', 'github/get_me', 'github/get_release_by_tag', 'github/get_tag', 'github/get_team_members', 'github/get_teams', 'github/issue_read', 'github/issue_write', 'github/list_branches', 'github/list_commits', 'github/list_issue_types', 'github/list_issues', 'github/list_pull_requests', 'github/list_releases', 'github/list_tags', 'github/merge_pull_request', 'github/pull_request_read', 'github/pull_request_review_write', 'github/push_files', 'github/request_copilot_review', 'github/search_code', 'github/search_issues', 'github/search_pull_requests', 'github/search_repositories', 'github/search_users', 'github/sub_issue_write', 'github/update_pull_request', 'github/update_pull_request_branch', 'vscode.mermaid-chat-features/renderMermaidDiagram', 'todo']
7+
model: 'Cloaude Sonnet 4.5'
88
mcp-servers:
99
- github
1010
---
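Review bot: Now that the `tools` list at new line 6 is explicit instead of `github/*`, it spells out repository-mutating tools a documentation agent should not need, among them `github/merge_pull_request`, `github/delete_file`, `github/create_repository`, `github/fork_repository` and `github/push_files`. Trim it to the read, search and file-edit tools the role requires. The whole `github/...` run is also pasted three times, which makes the grant hard to audit; keep one copy. The `model` value at new line 7 has the "Cloaude" misspelling.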

.github/agents/Frontend_Dev.agent.md

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ description: 'Senior React/TypeScript Engineer for frontend implementation.'
44
argument-hint: 'The frontend feature or component to implement (e.g., "Implement the Real-Time Logs dashboard component")'
55
tools:
66
['vscode', 'execute', 'read', 'agent', 'edit/createDirectory', 'edit/createFile', 'edit/editFiles', 'edit/editNotebook', 'search', 'todo']
7-
model: 'claude-opus-4-5-20250514'
7+
model: 'Cloaude Sonnet 4.5'
88
---
99
You are a SENIOR REACT/TYPESCRIPT ENGINEER with deep expertise in:
1010
- React 18+, TypeScript 5+, TanStack Query, TanStack Router
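Review bot: `model: 'Cloaude Sonnet 4.5'` at new line 7 has the same "Cloaude" misspelling; correct it here too so every agent file carries one verified model string.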
Lines changed: 48 additions & 13 deletions
@@ -3,8 +3,8 @@ name: 'Management'
33
description: 'Engineering Director. Delegates ALL research and execution. DO NOT ask it to debug code directly.'
44
argument-hint: 'The high-level goal (e.g., "Build the new Proxy Host Dashboard widget")'
55
tools:
6-
['vscode/extensions', 'vscode/getProjectSetupInfo', 'vscode/installExtension', 'vscode/openSimpleBrowser', 'vscode/runCommand', 'vscode/askQuestions', 'vscode/switchAgent', 'vscode/vscodeAPI', 'execute', 'read', 'agent', 'github/*', 'github/*', 'io.github.goreleaser/mcp/*', 'trivy-mcp/*', 'edit/createDirectory', 'edit/createFile', 'edit/editFiles', 'edit/editNotebook', 'search', 'web', 'github/*', 'playwright/*', 'todo', 'github.vscode-pull-request-github/issue_fetch', 'github.vscode-pull-request-github/suggest-fix', 'github.vscode-pull-request-github/searchSyntax', 'github.vscode-pull-request-github/doSearch', 'github.vscode-pull-request-github/renderIssues', 'github.vscode-pull-request-github/activePullRequest', 'github.vscode-pull-request-github/openPullRequest', 'ms-azuretools.vscode-containers/containerToolsConfig']
7-
model: 'claude-opus-4-5-20250514'
6+
['vscode', 'execute', 'read', 'agent', 'edit', 'search', 'web', 'github/*', 'github/*', 'github/*', 'io.github.goreleaser/mcp/*', 'playwright/*', 'trivy-mcp/*', 'playwright/*', 'vscode.mermaid-chat-features/renderMermaidDiagram', 'github.vscode-pull-request-github/issue_fetch', 'github.vscode-pull-request-github/suggest-fix', 'github.vscode-pull-request-github/searchSyntax', 'github.vscode-pull-request-github/doSearch', 'github.vscode-pull-request-github/renderIssues', 'github.vscode-pull-request-github/activePullRequest', 'github.vscode-pull-request-github/openPullRequest', 'ms-azuretools.vscode-containers/containerToolsConfig', 'todo']
7+
model: 'Cloaude Sonnet 4.5'
88
---
99
You are the ENGINEERING DIRECTOR.
1010
**YOUR OPERATING MODEL: AGGRESSIVE DELEGATION.**
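Review bot: The `tools` list at new line 6 swaps the scoped entries (`vscode/extensions`, `vscode/runCommand`, `edit/createFile`, `edit/editFiles` and the like) for bare `'vscode'` and `'edit'`, which appears to widen what this agent can call. If the broader grant is intended, say so in the commit message; otherwise keep the scoped names. `'github/*'` is listed three times and `'playwright/*'` twice. The `model` value at new line 7 is misspelled ("Cloaude").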
@@ -66,24 +66,59 @@ You are "lazy" in the smartest way possible. You never do what a subordinate can
6666
- **Manual Testing**: create a new test plan in `docs/issues/*.md` for tracking manual testing focused on finding potential bugs of the implemented features.
6767
- **Final Report**: Summarize the successful subagent runs.
6868
- **Commit Message**: Provide a copy and paste code block commit message at the END of the response on format laid out in `.github/instructions/commit-message.instructions.md`
69-
69+
- **STRICT RULES**:
70+
- ❌ DO NOT mention file names
71+
- ❌ DO NOT mention line counts (+10/-2)
72+
- ❌ DO NOT summarize diffs mechanically
73+
- ✅ DO describe behavior changes, fixes, or intent
74+
- ✅ DO explain the reason for the change
75+
- ✅ DO assume the reader cannot see the diff
76+
77+
COMMIT MESSAGE FORMAT:
7078
```
7179
---
7280

73-
type: descriptive commit title
81+
type: concise, descriptive title written in imperative mood
7482

75-
Detailed commit message body explaining what changed and why
76-
- Bullet points for key changes
83+
Detailed explanation of:
84+
- What behavior changed
85+
- Why the change was necessary
86+
- Any important side effects or considerations
7787
- References to issues/PRs
7888

7989
```
80-
- Use `feat:` for new user-facing features
81-
- Use `fix:` for bug fixes in application code
82-
- Use `chore:` for infrastructure, CI/CD, dependencies, tooling
83-
- Use `docs:` for documentation-only changes
84-
- Use `refactor:` for code restructuring without functional changes
85-
- Include body with technical details and reference any issue numbers
86-
- **CRITICAL**: Place commit message at the VERY END after all summaries and file lists so user can easily find and copy it
90+
END COMMIT MESSAGE FORMAT
91+
92+
- **Type**:
93+
Use conventional commit types:
94+
- `feat:` new user-facing behavior
95+
- `fix:` bug fixes or incorrect behavior
96+
- `chore:` tooling, CI, infra, deps
97+
- `docs:` documentation only
98+
- `refactor:` internal restructuring without behavior change
99+
100+
- **CRITICAL**:
101+
- The commit message MUST be meaningful without viewing the diff
102+
- The commit message MUST be the final content in the response
103+
104+
```
105+
## Example: before vs after
106+
107+
### ❌ What you’re getting now
108+
```
109+
chore: update tests
110+
111+
Edited security-suite-integration.spec.ts +10 -2
112+
```
113+
114+
### ✅ What you *want*
115+
```
116+
fix: harden security suite integration test expectations
117+
118+
- Updated integration test to reflect new authentication error handling
119+
- Prevents false positives when optional headers are omitted
120+
- Aligns test behavior with recent proxy validation changes
121+
```
87122
88123
</workflow>
89124
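Review bot: The bare fence added at new line 104 leaves the code fences in this hunk unbalanced: the context fences at lines 78 and 89 plus the added ones at 104, 108, 112, 115 and 121 make seven, so the `## Example: before vs after` heading and both `###` headings render inside code blocks, the two sample commit messages render as plain prose, and the last fence stays open across `</workflow>`. Remove the fence at line 104. The example headings also read like a pasted chat reply rather than an instruction addressed to the agent; reword them as a bad example and a good example.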
